In this privacy policy we explain how we collect and use your personal information. ‘We’ means Prestige Plastics Limited. 3 Shipton Way, Rushden, NN10 6BQ. We are the data controller for the purposes of the Data Protection Act 2018and the EU General Data Protection Regulation.

You can contact us with any questions you may have about privacy or data protection.

We’ll use your personal information in accordance with the Data Protection Legislation.

Please note that links from our website may take you to external websites not covered by this policy. We recommend that you check their privacy policies yourself before submitting any personal information. We will not be responsible for the content, function or information collection policies of these external websites.

What information do we collect about you and how do we collect it?

You are not required (by law or by any contract with us) to provide personal information to us. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request.

Information you provide to us

We may receive personal information about you whenever you contact us. For example, by doing the following:

Contact information, such as your postal address, email address and telephone number

Additional information relevant to your use of our site and services, such as your marketing preferences, survey responses and feedback

In respect of our products and services details of your property, your requirements, the details of your installation and your payment details

In respect of job applications, your CV including details of your education and employment history (and any other information which you may choose to provide to us with your CV)

Information we collect about you on our website

We collect information using Cookies and other similar technologies to help distinguish you from other users of our website. These can streamline your online experience by saving you from re-inputting some information and also allow us to make improvements to our website. For more information about how and why we use Cookies please take a look through our Cookie Policy.

When you visit our website we may collect the following information:

Which pages you view and which links you follow

Your IP address and general location

Details of the hardware and software that you are using to access the site

Our Website is not intended for children and we do not knowingly collect data relating to children.

Information we collect about you from other sources

We may collect information about you from other sources. This may include the following:

If you apply for a job, we may collect information about your criminal record by obtaining a DBS check

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.

Information we receive about you from other sources

Sometimes you will have given your consent for other websites, services or third parties to provide information to us.

This could include information we receive about you if you use any of the other websites we operate or which are operated by Network Veka Limited or other members of Independent Network (which is a trading name of Network Veka Limited) or the other services we provide, in which case we will have informed you when we collected that data if we intend to share those data between those parties and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.

It could also include information from third parties that we work with to provide our products and services, such as payment processors, delivery companies, technical support companies and advertising companies. Whenever we receive information about you from these third parties, we will let you know what information we have received and how and why we intend to use it.

How do we use your personal information?

We take data protection law seriously, so below we have set out exactly how and why we use your information, and what our legal basis is to be able to use your information in each way.

Providing our services

It is necessary for us to use personal information about you to enter into and perform the contracts that we make with you, such as when you order our goods or services. Using your information in this context is necessary so that we can:

Provide you with information about our products and services, including our availability

Fit and install our products, provide our services and deal with payments in relation to those

Verify your identity

Deal with any complaints you may have

Contact you about any changes that we make to our products or services

If you enquire about, or apply for, a job vacancy, it is necessary for us to use your personal information as part of the recruitment process, in order to assess your suitability for a particular role.

Making our business better

We always want to offer the best products, services and experience that we can. Sometimes this means we may use your information to find ways that we can improve what we do, or how we do it.

In this context, we will only use your information where it is necessary so that we can:

Review and improve our existing products and services and develop new ones

Review and improve the performance of our systems, processes and staff (including training)

Improve our site to ensure that content is presented in the most effective manner for you and for your computer

measure and understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you

Contacting you

We want to stay in touch with you! Sometimes we may need to use the information that we have about you in order to respond to your questions or let you know about important changes.

We will only use your information in this respect where it is necessary so that we can:

Interact and respond to any communications you send us.

Let you know about any important changes to our business or policies

Verifying your identity

We may use your information where it is necessary for us to do so in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes.

Protecting you and others from harm

We may use your information where it is necessary to protect your interests, or the interests of others. This may include in the event of criminality such as identity theft, piracy or fraud.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to certify your qualification or provide you with copies of any certificates you request). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

Using Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you;

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and

Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data.

Purposes for which we will use your personal data

We only use personal information for the purposes outlined above and data will only be held for the timeframe necessary to support these purposes.In particular, we may use your personal information:

to carry out our obligations arising from any contracts entered into between you and us including in connection with providing products or services;

to put in place any insurance backed guarantees relating to the products and installation you have purchased;

to manage and administer the relationships;

to comply with our legal obligations and with instructions from 3rd parties or regulators, court orders or protect our legal interests.

to notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;

to train our staff to continuously improve our services; and

to analyse our products, services and marketing activity and to carry out market research.

If you tell us we can, we may also use your personal information to provide you with information about services, promotions and offers that may be of interest to you. We may use your personal information to identify additional products and or services that are likely to be of particular interest to you.

We need all the categories of information listed above to allow us to enter into and perform our contract with you*, to enable us to comply with legal obligations**, and in order to pursue legitimate interests of our own or those of third parties*** (provided your interests and fundamental rights do not override those interests). The situations in which we will process your personal data are listed below. We have indicated by asterisks the purpose or purposes for which we are processing or will process your personal information.

Providing our services (*, ***)

Put in place the necessary insurance backed guarantees (*, ***)

Interact with third parties in order to ensure the products and services have been delivered to your satisfaction and that the necessary insurance backed guarantees are put in place (*, ***)

Interact with regulators (**, ***)

Verifying your identity (*, **, ***)

Making a decision to supply our products and services. (*)

Administering the contract we have entered into with you. (*)

Dealing with any complaints you may have (*, ***)

Logistics management and planning, including accounting and auditing. (**, ***)

Making arrangements for the termination of our contract. (*, ***)

Making repairs, alterations and improvements to the products or services supplied (*, **, ***)

Dealing with legal disputes involving you (**, ***)

Complying with health and safety obligations. (*, **, ***)

To detect and prevent fraud, money-laundering and other crimes. (**)

To review and improve the performance of our systems, processes and staff (including training). (***)

To interact and respond to any communications you send us, including social media posts that you tag us in. (***)

To let you know about any important changes to our business or policies. (***)

To ensure that the information that we hold about you is accurate and up to date. (***)

To protect your interests, or the interests of others (such as in the event of criminality such as identity theft, piracy or fraud). (**, ***)

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who do we share your personal information with?

Sharing your information within our company and group

We share the information that you provide to us with our staff so that we can provide our products and services to you.

Sharing your information with third parties

We may share your data with selected third parties. For example, we will share your data with:

Network Veka Limited for the purpose of contacting you to ensure that you are satisfied with our service and in order to put in place a separate insurance backed 10 year guarantee;

First Degree Systems Limited for the purpose of Quoting and processing Orders;

Assure CPS SCHEME for the purpose of ensuring that the relevant building regulations are fully complied with; [and]

There are certain exceptional circumstances in which we may disclose your information to third parties. This would be where we believe that the disclosure is:

Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings

Necessary to protect the safety of our employees, our property or the public

Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.

Proportionate as part of a merger, business or asset sale, in the event that this happens we will share your information with the prospective seller or buyer involved

How long do we keep your personal information?

We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service (including where you have purchased products from us), we will retain any information you provide to us at least for as long as we continue to provide that service to you.

If you do not accept our quote we will retain your information for 24 months and may contact you during that period to remind you that it is outstanding. After this time frame we will delete your data unless you ask us not to. Where you accept a quote we will retain your information for so long as it takes to complete the installation of your order and thereafter for so long as you have a full and valid insurance backed guarantee in place and/or a service and maintenance contract with us in relation to your installation.

If you apply for a job vacancy (or otherwise send us your CV) we will retain your CV (and any publicly available information, for example from social media) for a period of 6 months. If we are considering you for a particular role, we may retain this information for longer than that period.

How do we protect your personal information?

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

We try to ensure that all information you provide to us is transferred securely via the website. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

All information you provide to us is stored on our / third party secure servers.

Accessing or amending your personal data

If you think the personal information we hold about you is inaccurate or incorrect, you can request that we correct this information (including your marketing preferences).

Even if we already hold your personal data, you still have various rights in relation to it. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

What rights do you have in respect of your personal information?

You have the right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to do just that, but if you have any questions or require more specific information, you can get in touch using our Contact Form.

You have the right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:

Why we have been using your information

What categories of information we were using

Who we have shared the information with

How long we envisage holding your information

In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold.

The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs.

You have the right to correct any inaccurate or incomplete personal data

Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case you can contact us so that we can correct our records.

You have the right to be forgotten

There may be times where it is no longer necessary for us to hold personal information about you. This could be if:

The information is no longer needed for the original purpose that we collected it for

You withdraw your consent for us to use the information (and we have no other legal reason to keep using it)

You object to us using your information and we have no overriding reason to keep using it

We have used your information unlawfully

We are subject to a legal requirement to delete your information

In those situations you have the right to have your personal data deleted. If you believe one of these situations applies to you, please get in touch using our Contact Form.

You have the right to have a copy of your data transferred to you or a third party in a compatible format

Also known as Data Portability, you have the right to obtain a copy of your personal data for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another, in a safe and secure way.

If you would like us to transfer a copy of your data to you or another organisation in a structured, commonly used and machine-readable format, please contact us. There is no charge for you exercising this right.

You have the right to object to direct marketing

You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications, and we will stop sending direct marketing immediately.

You have the right to object to us using your information for our own legitimate interests

Sometimes, we use your personal information to achieve goals that will help us as well as you. This includes:

When we tell you about products or services that are similar to ones that you have already bought

When we use you information to help us make our business better

When we contact you to interact, communicate or let you know about changes we are making

We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we must stop using your personal data for these purposes.

In order to exercise your right to object to our use of your data for the purposes above, please contact us.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:

You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this

You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection

We have used your information in an unlawful way, but you do not want us to delete your data

We no longer need to use the information, but you need it for a legal claim

If you believe any of these situations apply, please contact us.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Complaints

If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.

IT Policy

The IT for Prestige Plastics is maintained through Ashby Computer Services – A Managed Microsoft Gold Partner and advise Prestige Plastics on their best It practices.

• Server – The server that is used by Prestige Plastics is an enterprise grade server and is fully maintained to ensure that the server is protected for hardware failures. Users have at present the ability to copy data to memory sticks and to their local machines. The site uses a DLP based software to log all data access control and is installed to all machines on site so a root cause analysis can be completed.

• Password Policy – The server forces a secure password policy to all users that use the server which is a minimum of 8 characters, with upper, lower and numbers with the password to be forced to ensure that they are changed every 30 days.

• Antivirus – The server uses ESET antivirus to protect the server and the client machines, these have 0-hour protection turned on as well blocking of potentially unwanted programmes (the main source of trojans). This software reports directly to Ashby Computers whom will resolve the threats under the contract agreement.

• Firewall – Prestige Plastics use an enterprise grade firewall which has had all passwords changed from the defaults as well as the relevant firewall restricted to only allow authorised ports in and out of the network. The firewall also has a DOS attack prevention control to stop brute force attacks.

• Updates – All pc’s that connect to the server are domain joined and are valid, in support operating systems. These computers have the latest windows updates pushed to each of them every week to ensure they are constantly protected. PLEASE NOTE YOU STILL ARE SHOWING 1 XP MACHINE ON THE NETWORK

• Data Access – Requests for access to files and folders must come through the named contact with Prestige Plastics and Ashby provide full traceability for user access control requests.

• Changes in staff – As soon as a staff member leaves the organisation the account is disabled and the password changed immediately to block access to the server.

• Email – Email for Prestige Plastics is processed and stored via the in-house email system, all mail accounts are authorised through management and accounts are deleted as soon as user leaves. The server has control to wipe or disable any mobile phone should they be lost or stolen. Email traffic is protected through TLS encryption and web mail is protected though a HTTPS certificate.

• Wireless – No guests can use the company Wi-Fi at all – if internet is required then this is completed on aPrestige Plastics device.

• Backups – Backups are taken daily to removable USB devices and these are taken off site by Prestige Plastics staff members.

• Remote access – Remote access is only permitted through the secure HTTPS webmail and through secure mobile phone email synchronisation. Should further remote access be required then management must authorise this and is actioned only by Ashby Computer Services.

• External access – Ashby Computers gain remote access to the servers and the PC’s via an encrypted teamviewer and logmein and are only used for access as and when access is required.